How AI will transform cybersecurity

Securing your digital assets is a clear need for any business and individual, whether you are looking to protect your personal photos, your company’s intellectual property, your customers’ sensitive data, or anything else that can harm your reputation or business continuity.

Although billions of dollars are spent on cybersecurity, the number of reported cyberattacks and the magnitude of breaches keep rising. There are many frontiers where harnessing the predictive power of AI might give the upper hand to security vendors — and to us all, including individuals and businesses. The following summarizes the key arenas of AI cyberdefense innovation.

Detecting and blocking hacked IoT devices

Cisco forecasts that the number of connected devices worldwide will rise from 15 billion today to 50 billion by 2020. A high percentage of these devices do not have basic security measures due to limited hardware and software resources. A vivid demonstration of the power of hacked IoT devices was seen by the recent massive denial of service attack issued against KerbsOnSecurity.

Even more frightening is that the source code for the Mirai malware, which was used to initiate the attack, was soon released to the public and can now be used against any business or individual. IoT security is one of the most prominent arenas for AI technologies. Lightweight AI-based prediction models, which can reside and operate autonomously even on low computing power devices, can enable detection and blocking of suspicious activity in real time on the device or at the network level.

Preventing execution of malicious software and files

File-based attacks remain one of the leading cyberattack vectors. The most common file types used for file-based cyberattacks are executables (.exe), Acrobat Reader (.pdf), and MS Office files.

A tiny change in a single line of code can generate a new malicious file with the same malicious intent, but with a different signature. Small changes in its behavior trick legacy signature-based antivirus programs, as well as more advanced heuristic-based advanced endpoint detection and response (EDR) solutions and even network level solutions such as sandboxing.

There are a few startups that tackle this problem by harnessing AI. They leverage the immense capability to look over millions of features per suspicious file and detect even the slightest code mutations. The leaders in implementing file-based AI security are Cylance, Deep Instinct, and Invincea.

Improving security operating centers’ operational efficiency

One of the key problems of security teams is alert fatigue brought on by the overflow of security alerts they receive on a daily basis. On average, North American enterprises handle 10,000 security alerts per day! In many cases, this allows a malicious indicator to go below the radar despite being flagged as suspicious. There is a need for automatic classification of events by running advanced correlations between multiple sources of information, integrating internal log and monitoring systems with external threat intelligence services. This cyberdefense frontier is super-hot as it tackles a problem of large enterprises that operate their own security operating center (SOC). Some startups which approach this by using AI technologies are Phantom, Jask, StatusToday, and CyberLytic.

Quantifying risks

Quantifying organizations’ cyber risks is challenging, mainly due to the lack of historic data and the vast number of variables that need to be taken into account. Today organizations (and third parties that want to assess these organizations, such as cyber insurers) that are interested in quantifying their risks must go through a tedious cyber risk assessment process, which is mainly based on questionnaires that look at qualitative measures of compliance with available cybersecurity standards, as well as an organization’s governance and risk culture. This approach is insufficient for a genuine representation of cyber risk posture. AI technologies’ ability to process millions of data points and generate predictions can be the winning path for organizations and cyber insurers to arrive at the most accurate cyber risks estimation. A few startups are approaching this task, including BitSight and Security Scorecard.

Network traffic anomaly detection

The challenge of detecting the abnormal traffic that may indicate a malicious activity is immense because each organization has its unique traffic behavior. Finding correlations across protocols, without relying on intrusive deep packets inspection, requires analyzing thousands of correlations between the endless metadata instructed out of internal and external network traffic. A few startups are using AI technology to tackle this challenge, including Vectra Networks, DarkTrace, and BluVector.

Malicious mobile applications detection

According to Ericsson, smartphones crossed 2.5 billion devices worldwide and are expected to reach six billion by 2020. Looking into the top 100 iOS and Android Apps, Arxan research reveals that 56 percent of the top iOS apps and 100 percent of the top Android apps have been hacked in the past. The fact that the two leading app stores, Google Play and Apple App Store, both crossed the two million mark for available apps on their stores underscores the need for highly accurate, automatic classification of mobile applications. This classification method must be sensitive to the slightest obfuscation techniques, differentiating between malicious and benign applications. It can be delivered by using the cutting edge classification capability of advanced AI technologies. A few companies lead this arena, among which are Deep Instinct, Lookout Mobile Security, and Checkpoint (Lacoon Mobile Security).